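/**
 * Derives the value stored in `users.hashed_password` from a plaintext password.
 *
 * The algorithm is kept as sha1(PASSWORD_SALT . $password) so that hashes already
 * in the database keep verifying; Login() compares its result against this value.
 * NOTE(review): a static-salt SHA-1 is not a password hash. Moving to
 * password_hash()/password_verify() with a rehash-on-login step is the
 * recommended path, but it must be done together with Login() and the stored data.
 *
 * @param string $password plaintext password as entered by the user
 * @return string 40-character hexadecimal SHA-1 digest
 * @throws \RuntimeException if secure/constants.php did not define PASSWORD_SALT
 */
public function ProtectPassword($password){
    include_once("secure/constants.php");
    // Before PHP 8 an undefined constant degrades to the string 'PASSWORD_SALT'
    // with only a notice, so a missing or misnamed constants.php would silently
    // salt every password with that literal. Fail loudly instead.
    if (!defined('PASSWORD_SALT')) {
        throw new \RuntimeException('PASSWORD_SALT is not defined; check secure/constants.php');
    }
    $salt = PASSWORD_SALT;
    return sha1($salt . (string) $password);
}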
- ----------------------
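/**
 * Authenticates a user by email address (used as the username) and password.
 *
 * On success the user_state row is marked logged in, the login is logged through
 * Log, the user id and the (lower-cased, escaped) username are stored in the
 * session and true is returned. A wrong password, a missing row or a failed
 * lookup returns false; an inactive account returns a human-readable string.
 * Callers must therefore test `=== true`, not truthiness.
 *
 * @param string $username email address entered by the user
 * @param string $password plaintext password entered by the user
 * @return bool|string
 */
function Login($username, $password){
    $this->ConnectDB();
    // Normalise and escape the username. The escaped form is also what ends up
    // in $_SESSION['username'] (pre-existing behaviour, left unchanged).
    $username = strtolower($username);
    $username = $this->mysql_prep($username);
    $userId = $this->getUserID($username);
    // NOTE(review): what getUserID()/IsUserActive() return for an unknown
    // address is not visible here — confirm an unknown user ends up on the
    // "wrong password" path rather than the "disabled" message below.
    $activeState = $this->IsUserActive($userId);
    if (!$activeState) {
        // The user is inactive, on vacation or whatnot.
        return "This account is marked as disabled. Contact the webmaster.";
    }

    $hashed_password = $this->ProtectPassword($password);
    // The mysql_* extension has no prepared statements; $username was escaped
    // with mysql_prep above, which is the only protection available here.
    $query = "SELECT hashed_password, email FROM users WHERE email = '$username'";
    $result = mysql_query($query);
    if (!$result) {
        // Keep the driver message out of the response: it describes the schema.
        error_log('Login: user lookup failed: ' . mysql_error());
        return false;
    }
    $row = mysql_fetch_assoc($result);
    if (!$row) {
        // No row for this address: same outcome as a wrong password instead of
        // indexing into false.
        return false;
    }
    $dbPass = (string) $row['hashed_password'];
    // Constant-time comparison so the response time does not depend on how
    // many leading characters of the hash matched.
    if (!hash_equals($dbPass, $hashed_password)) {
        // Wrong password. The submitted password and stored hash are never echoed.
        return false;
    }

    // Successfully logged in. Rotate the session id so an id fixed before
    // authentication cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // Interpolate a cast copy so the UPDATE always receives a numeric id.
    $safeUserId = (int) $userId;
    $query = "UPDATE user_state SET logged_in = '1' WHERE user_id = '$safeUserId'";
    if (!mysql_query($query)) {
        error_log('Login: could not update user_state: ' . mysql_error());
    }
    // Include the Log class and log that the user logged in.
    include_once("Log.class.php");
    $logger = new Log();
    $logger->logLogin($userId);
    $logger->logInteract($userId);
    // Save the userID and username in the session.
    $_SESSION['userID'] = $userId;
    $_SESSION['username'] = $username;
    session_write_close();
    // Pre-existing status output, kept for callers that expect it.
    echo "logged in";
    return true;
}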
- -------------------
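/**
 * Registers a new user account.
 *
 * Validates the phone and postal number, inserts the users row, then the default
 * role (role_id 1) and the initial user_state row (active, not logged in). If
 * either follow-up insert fails the rows created so far are removed again so no
 * half-registered account is left behind.
 *
 * @param string $username     email address; lower-cased and used as the login name
 * @param string $password     plaintext password, hashed via ProtectPassword()
 * @param string $name
 * @param string $surName
 * @param string $cellphone    digits, spaces, `+ - ( )` and an optional `x`/`ext` extension
 * @param string $adress
 * @param string $postalNumber five digits, optionally written as `123 45`
 * @param string $city
 * @return bool|string false when phone or postal validation fails (a message is
 *                     echoed), otherwise a human-readable status message —
 *                     callers must compare against the success string, not truthiness
 */
function Register($username, $password, $name, $surName,
                  $cellphone, $adress, $postalNumber, $city){
    $this->ConnectDB();
    // Wash the email (username) first and lower-case it, since the lower-cased
    // form is what is compared everywhere else.
    $username = strtolower($username);
    $username = $this->mysql_prep($username);
    if ($this->isUsernameTaken($username)) {
        return "That email is already registered here.";
    }
    // Hash and salt the password.
    $hashed_password = $this->ProtectPassword($password);

    // Anchored, positive pattern. The previous expression was only anchored at
    // the end and so accepted leading letters and quote characters.
    if (empty($cellphone)
        || !preg_match('/^[0-9+()\- ]+((x|ext)\.? ?[0-9]{1,5})?$/', $cellphone)) {
        echo "Cellphone number not valid, try again";
        return false;
    }
    // The postal number may be written as 12345 or 123 45.
    if (!preg_match("/^[0-9]{3}\s?[0-9]{2}$/", $postalNumber)) {
        // The submitted value is not echoed back: it is unescaped user input.
        echo 'Inte valid';
        echo "<br/>";
        return false;
    }

    // Escape every interpolated field; cellphone and postalNumber were
    // previously inserted unescaped.
    $name = $this->mysql_prep($name);
    $surName = $this->mysql_prep($surName);
    $city = $this->mysql_prep($city);
    $adress = $this->mysql_prep($adress);
    $cellphone = $this->mysql_prep($cellphone);
    $postalNumber = $this->mysql_prep($postalNumber);

    $failure = "Something went wrong in the registration-process, please try again later.";

    // Create the new user.
    $registerQuery = "INSERT INTO users (email, hashed_password, first_name, sur_name, cellphone, adress, postal_number, city)
        VALUES('$username', '$hashed_password', '$name', '$surName',
        '$cellphone', '$adress', '$postalNumber', '$city')";
    if (!mysql_query($registerQuery)) {
        return $failure;
    }
    echo "registrerat" . "<br/>";

    $userId = (int) $this->GetUserID($username);
    if ($userId <= 0) {
        // The row exists but its id could not be read back; remove it by email
        // so the address does not stay blocked.
        mysql_query("DELETE FROM users WHERE email = '$username'");
        return $failure;
    }
    // Default role: an ordinary user, not an admin.
    $defaultRoleQuery = "INSERT INTO `user_roles`(`user_id`, `role_id`)
        VALUES ('$userId', 1)";
    if (!mysql_query($defaultRoleQuery)) {
        $this->rollbackRegistration($userId);
        return $failure;
    }
    // Default state: last interaction now, not logged in, active.
    $userStateQuery = "INSERT INTO `user_state`(`user_id`, `last_interaction`, `logged_in`, `active`)
        VALUES ('$userId', now(), 0, 1)";
    if (!mysql_query($userStateQuery)) {
        $this->rollbackRegistration($userId);
        return $failure;
    }
    return "Successfully registered!";
}

/**
 * Removes the rows Register() created for $userId after a follow-up insert failed.
 *
 * Deleting a user_roles row that was never inserted is harmless, so the same
 * helper serves both failure points.
 *
 * @param int $userId id returned by GetUserID() for the freshly inserted user
 * @return void
 */
private function rollbackRegistration($userId){
    $userId = (int) $userId;
    mysql_query("DELETE FROM user_roles WHERE user_id = '$userId'");
    mysql_query("DELETE FROM users WHERE user_id = '$userId'");
}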